Isabelle/HOL has recently acquired new versions of definitional packages for inductive datatypes and primitive recursive functions. In contrast to its predecessors and most other implementations, Isabelle/HOL datatypes may be mutually and indirectly recursive, even infinitely branching. We also support inverted datatype definitions for characterizing existing types as being inductive ones later. All our constructions are fully definitional according to established HOL tradition. Stepping back from the logical details, we also see this work as a typical example of what could be called "Formal-Logic Engineering". We observe that building realistic theorem proving environments involves further issues rather than pure logic only.

...ve definitions of sets (via the usual Knaster-Tarski construction, cf. [17]), inductive datatypes, and primitive recursive functions. Our primary efforts went into the datatype and primrec mechanisms [2], achieving a considerably more powerful system than had been available before. In particular, datatypes may now involve mutual and indirect recursion, and arbitrary branching over existing types. F...

Abstraction techniques are indispensable for the specification and verification of the functional behavior of programs. In object-oriented specification languages like JML, a powerful abstraction technique is the use of model classes, that is, classes that are only used for specification purposes and that provide object-oriented interfaces for essential mathematical concepts such as sets or relations. While the use of model classes in specifications is natural and powerful, they pose problems for verification. Program verifiers map model classes to their underlying logics. Flaws in a model class or the mapping can easily lead to unsoundness and incompleteness. This article proposes an approach for the faithful mapping of model classes to mathematical structures provided by the theorem prover of the program verifier at hand. Faithfulness means that a given model class semantically corresponds to the mathematical structure it is mapped to. Our approach enables reasoning about programs specified in terms of model classes. It also helps in writing consistent and complete model-class specifications as well as in identifying and checking redundant specifications.

... the second is recursive. Inductive data types defined in the form of (2) can be fully characterized by three properties: the injectivity and distinctness of constructors, and the induction principle [21, 30]. That is, all other standard properties of inductive data types can be derived from these three properties. While we know that the three characteristic properties hold for the inductively defined dat...
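The two passages above (the Isabelle/HOL datatype package with mutual, indirect and infinitely branching recursion, and the three characterising properties of an inductive type) can be seen concretely in a small Lean 4 theory. This is an added example, not code from any of the cited papers or from Isabelle/HOL itself; the type and function names (Tree, Forest, Rose, ITree, size) are my own, and Lean 4 is assumed as the prover. Lean generates injectivity, distinctness and the induction principle for every inductive declaration, which is exactly what the cited work establishes definitionally in HOL; the last theorem derives a further standard property (exhaustiveness) from the induction principle alone.

```lean
-- Mutual recursion: a tree holds a forest and a forest holds trees.
mutual
  inductive Tree (α : Type) : Type where
    | node : α → Forest α → Tree α
  inductive Forest (α : Type) : Type where
    | nil  : Forest α
    | cons : Tree α → Forest α → Forest α
end

-- Indirect (nested) recursion: Rose recurs through the existing type List.
inductive Rose (α : Type) : Type where
  | rose : α → List (Rose α) → Rose α

-- Infinite branching: a constructor whose argument is a function Nat → ITree α.
inductive ITree (α : Type) : Type where
  | leaf   : α → ITree α
  | branch : (Nat → ITree α) → ITree α

-- Primitive (structural) recursion over the mutually recursive pair.
mutual
  def Tree.size {α : Type} : Tree α → Nat
    | .node _ f => 1 + Forest.size f
  def Forest.size {α : Type} : Forest α → Nat
    | .nil      => 0
    | .cons t f => Tree.size t + Forest.size f
end

-- Property 1: constructors are injective.
theorem ITree.leaf_injective {α : Type} {x y : α}
    (h : ITree.leaf x = ITree.leaf y) : x = y := by
  injection h with hxy
  exact hxy

-- Property 2: distinct constructors never yield equal values.
theorem ITree.leaf_ne_branch {α : Type} (x : α) (f : Nat → ITree α) :
    ITree.leaf x ≠ ITree.branch f := by
  intro h
  cases h

-- Property 3: the induction principle generated with each type.
#check @ITree.rec   -- the branch case carries a hypothesis for every n : Nat
#check @Rose.rec    -- nested recursion adds a second motive for List (Rose α)
#check @Tree.rec    -- mutual recursion gives motives for both Tree and Forest

-- A further standard property derived from the induction principle:
-- every ITree is built by one of the two constructors.
theorem ITree.exhaustive {α : Type} (t : ITree α) :
    (∃ x, t = ITree.leaf x) ∨ (∃ f, t = ITree.branch f) := by
  induction t with
  | leaf x     => exact Or.inl ⟨x, rfl⟩
  | branch f _ => exact Or.inr ⟨f, rfl⟩
```

The `#check` lines only display the generated recursors; inspecting `@Rose.rec` shows how indirect recursion through `List` is handled by an auxiliary motive, the same reduction to mutual recursion that the Isabelle/HOL package performs internally.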

The model of timed I/O automata represents an extension of the model of I/O automata with the aim of reasoning about real-time systems. A number of case studies using timed I/O automata have been carried out, among them a treatment of the so-called Generalized Railroad Crossing (GRC). An already existing formalization of the metatheory of I/O automata within Isabelle/HOLCF allows for fully formal tool-supported verification using I/O automata. We present a modification of this formalization which accommodates reasoning about timed I/O automata. The guiding principle in choosing the parts of the metatheory of timed I/O automata to formalize has been to provide all the theory necessary for formalizing the solution to the GRC. This leads to a formalization of the GRC, in which not only the correctness proof itself has been formalized, but also the underlying meta-theory of timed I/O automata, on which the correctness proof is based.

...sible, only switching to LCF when needed. Several features of Isabelle/HOL help the user to write succinct and readable theories. There is a mechanism for ML-style definitions of inductive data types [4]. For every definition of a recursive data type, Isabelle will automatically construct a type together with the necessary proofs that this type has the expected properties. Another feature working alo...

The Generalized Railroad Crossing (GRC) has been designed as a benchmark for the comparison of formal methods for the specification and verification of real-time systems. One of the solutions to the GRC is based on the Lynch-Vaandrager timed automaton model, parts of which have subsequently been formalized by Archer and Heitmeyer using PVS. We present a more extensive formalization of the GRC in Isabelle/HOLCF. The distinguishing feature of our formalization is its completeness in the sense that not only the correctness proof itself has been formalized, but also the underlying meta-theory of timed I/O automata, on which the correctness proof is based. Large parts of this formalization were created by 'upgrading' the necessary parts of an existing formalization of untimed I/O automata in Isabelle/HOLCF.